Heroku GitHub Enterprise Integration: Unlocking Full Continuous Delivery for Enterprise Customers

We’re excited to announce a significant enhancement to how Heroku Enterprise customers connect their deployment pipelines to GitHub Enterprise Server (GHES) and GitHub Enterprise Cloud (GHEC). The new Heroku GitHub Enterprise Integration is now available in a closed pilot, offering a more secure, robust, and permanent connection between your code repositories and your Heroku apps.

This integration removes the final barrier preventing large enterprise customers from accessing our core continuous delivery features. By enabling a secure, permanent, app-based service identity, this integration now fully supports the use of Heroku Pipelines for automated, safe deployments and instantly accessible Review Apps for every feature branch. This ensures that developers at the world’s largest companies can finally utilize Heroku’s best-in-class workflow—deploying code consistently, automatically, and confidently from their preferred industry-standard version control system, all without being blocked by complex enterprise security or personnel turnover issues.

Scaling delivery: moving beyond personal credentials

Historically, connecting Heroku to GitHub Enterprise Server (GHES) and GitHub Enterprise Cloud (GHEC) relied on individual user credentials, typically in the form of Personal OAuth Tokens. While functional, this method presents critical friction for large organizations:

• Security mandates: Personal tokens often have broad permissions and conflict with stringent enterprise policies that demand a least privilege access model.
• Operational risk: If the specific user who set up the deployment pipeline leaves the organization or has their access revoked, the entire CI/CD process breaks down. This risk introduces fragility into mission-critical workflows.
• Maintenance burden: IT teams are forced to create and maintain separate “service accounts” or bot users purely to manage the connection, adding unnecessary complexity.

Heroku GitHub Enterprise Integration: dedicated service identity via GitHub App

This new integration is the recommended, next-generation method for connecting your Heroku Enterprise account to your organization’s GitHub environment (whether GitHub Enterprise Server or GitHub Enterprise Cloud).

Instead of relying on an individual user’s credentials (the traditional personal OAuth tokens) this feature uses a dedicated GitHub App. The GitHub App acts as a service identity, allowing Heroku to interact with your repositories on its own behalf.

This shift in authentication provides crucial advantages for enterprise security and stability by decoupling your deployment process from any single user account.

Key benefits of Heroku GitHub Enterprise Integration

This new architecture addresses critical enterprise needs, providing major improvements over the previous Heroku GitHub Deploys method:

Enhanced security and granular control

Unlike personal OAuth tokens, which grant access based on a user’s role, the integration leverages the inherent security model of GitHub Apps:

• Decoupled authentication: The GitHub App acts as a resilient, dedicated service identity, allowing Heroku to interact with your repositories on its own behalf. This decouples your deployment process from any single user account.
• Least privilege: You gain granular control over the permissions granted to Heroku, ensuring the integration can only access the specific repositories and perform the necessary deployment actions.

Deployment stability and team resilience

Increased operational stability for enterprise-grade application development.

• No pipeline breakage: Because the GitHub App owns the connection, your continuous integration and delivery (CI/CD) pipelines will not break if the original configuring user leaves your organization or has their access revoked. This ensures business continuity regardless of personnel changes.
• Zero service accounts: This integration automatically serves the function of a service account , eliminating the need to create and maintain a separate bot user for connectivity.

Unlocking the Full Power of Heroku Continuous Delivery

By establishing this robust, resilient service identity, the integration ensures that core continuous delivery features function reliably for both GitHub Enterprise Cloud (GHEC) and GitHub Enterprise Server (GHES) organizations:

• Full Heroku pipelines functionality: Core features like automated deploys and environment promotions now function seamlessly and reliably. You can consistently deploy code automatically and confidently from your preferred version control system.
• Instantly accessible Review Apps: Every feature branch now instantly receives an accessible Review App. This enables instant, isolated testing for QA and product managers, accelerating your time-to-market.
• Consistent support for all enterprise environments: The integration fully supports both on-premises GHES and the cloud-based GHEC.

This means developers at the world’s largest companies can finally utilize Heroku’s best-in-class workflow.

Take the next step: Try the new GitHub integration

The new Heroku GitHub Enterprise Integration is now available in a closed pilot, however, we would be happy to add your organization before GA. Contact heroku-feedback@salesforce.com to request the pilot.

Organizations that use GitHub Enterprise Server (GHES) or GitHub Enterprise Cloud (GHEC) and are looking to achieve superior security, operational stability, and full access to Heroku’s Continuous Delivery features are the best matches for participation in this pilot.